If looking only at the chart on the previous page, one would conclude that data breaches are decreasing in frequency. But there is another data point that must be analyzed in conjunction with the incidents themselves. An incident can be made up of 10 records compromised or perhaps tens of millions of records compromised.
While 2008 had the greatest number of incidents reported, there were fewer records compromised than any year since 2004. Through 2008, some might conclude that hackers had to compromise more organizations to yield the same number of records. Then 2009 appears to be the opposite. While the number of incidents was the lowest reported in four years, the number of records compromised broke all previous records. Some might glean that in 2009 hackers were able to capture far more records with many fewer incidents. In other words, in 2009 hackers became much more efficient. However, remember that 2009 had the Heartland Payment Systems and National Archives and Records Administration data breaches, which together totaled more than 200 million records compromised.
New laws and regulations regarding data security breaches and disclosure laws affect the way in which nearly all organizations do business in the United States. This study, by Perimeter CTO Kevin Prince, provides a review of the scope and impact of data security breaches in an effort to encourage proactive modification to risk mitigation technologies, policies, and procedures that reduce exposure to a data breach incident.
However, keep in mind that the data used to extrapolate the charts, graphs, and representations for this study is by its very nature misleading.